Difference between revisions of "How Registry Interfaces With Active Directory"

From FMR Knowledge Base
Jump to navigation Jump to search
(Unsuccesfull Access)
(Unsuccesfull Access)
Line 2: Line 2:
  
  
=Unsuccesfull Access=
+
=Invalid Credentials=
- Attempt to access:  
+
The following details the communication for when a user supplies incorrect credentials to the Fusion Registry
 +
 
 +
[[File:AD-Unsuccessful.png]]
  
 
If the user provides incorrect credentials to the Fusion Registry, the following communication takes place:
 
If the user provides incorrect credentials to the Fusion Registry, the following communication takes place:
  
 
1) The Registry receives an HTTP (or HTTPS) Servlet Request from the browser. This request carries the username and password as supplied from the login page of the Registry.<br>
 
1) The Registry receives an HTTP (or HTTPS) Servlet Request from the browser. This request carries the username and password as supplied from the login page of the Registry.<br>
2) From this request object, an Authentication token is created within the Registry and sent as an LDAP (or LDAPS) connection to the Active Directory server.  This token only contains the userid and password as supplied in the previous stage<br>
+
2) From this request object, an Authentication token is created within the Registry and sent as an LDAP (or LDAPS) connection to the Active Directory server.  This token only contains the userid and password as supplied in the previous stage.
3) Active Directory responds with a ???? <br>
+
The Naming Manager apect of Active Directory attempts to resolve the supplied credentials.
4) Fusion Registry responds with an HTTP Servlet Response containing the information that the authentication request was unsuccesful with a status code for the reason.<br>
+
<br>
 +
3) Since the credentials were not authorised by the Naming Manager, Active Directory responds with an LDAP (or LDAPS) response which is
 +
4) Fusion Registry responds to the browser with an HTTP Servlet Response containing the information that the authentication request was unsuccesful with a status code for the reason.<br>
  
 
=Succesfull Access=
 
=Succesfull Access=

Revision as of 06:58, 31 May 2022

Active Directory can be used as the security manager for Fusion Metadata Registry. Configuration of this is explained here.


Invalid Credentials

The following details the communication for when a user supplies incorrect credentials to the Fusion Registry

AD-Unsuccessful.png

If the user provides incorrect credentials to the Fusion Registry, the following communication takes place:

1) The Registry receives an HTTP (or HTTPS) Servlet Request from the browser. This request carries the username and password as supplied from the login page of the Registry.
2) From this request object, an Authentication token is created within the Registry and sent as an LDAP (or LDAPS) connection to the Active Directory server. This token only contains the userid and password as supplied in the previous stage. The Naming Manager apect of Active Directory attempts to resolve the supplied credentials.
3) Since the credentials were not authorised by the Naming Manager, Active Directory responds with an LDAP (or LDAPS) response which is 4) Fusion Registry responds to the browser with an HTTP Servlet Response containing the information that the authentication request was unsuccesful with a status code for the reason.

Succesfull Access

1) The Registry receives an HTTP Servlet Request from the browser 2) From this request object, an Authentication token is created within the Registry and passed to the Active Directory server. This token only contains the userid and password as supplied in the previous stage 3) Active Directory responds with a ???? 4) Fusion Registry responds with an HTTP Servlet Response containing the information that the authentication request was unsuccesful with a status code for the reason.


The Active Directory service is queried to obtain a DirContext object - This is a InitialLdapContext

Failure: With respect to bad credentials a Spring BadCredentialsException is thrown which is converted into a FusionAuthenticationException which returns a 404 for the response

HttpServletResponse

Success:

The InitialLdapContext object is created. This is used to search for an object

This object is a org.springframework.ldap.core.DirContextAdapter And contains information about the user, such as the "DN" : CN=SOAP_Adam,OU=users,OU=Registry,OU=fusion,DC=metatech,DC=external